Class: Contrast::Agent::Protect::Rule::Sqli Deprecated

Inherits:
SqliBaseRule show all
Extended by:
Reporting::InputType
Includes:
Contrast::Agent::Protect::Rule::SqlSampleBuilder::AttackBuilder, Contrast::Agent::Protect::Rule::SqlSampleBuilder::SqliSample, Reporting::InputType
Defined in:
lib/contrast/agent/protect/rule/sqli/sqli.rb,
lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb,
lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb,
lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb

Overview

Deprecated.

RUBY-356

Defined Under Namespace

Classes: DefaultSqlScanner, MysqlSqlScanner, PostgresSqlScanner, SqliteSqlScanner

Constant Summary

NAME =
'sql-injection'

Constants included from Reporting::InputType

Reporting::InputType::BODY, Reporting::InputType::COOKIE_NAME, Reporting::InputType::COOKIE_VALUE, Reporting::InputType::DWR_VALUE, Reporting::InputType::HEADER, Reporting::InputType::JSON_ARRAYED_VALUE, Reporting::InputType::JSON_VALUE, Reporting::InputType::METHOD, Reporting::InputType::MULTIPART_CONTENT_TYPE, Reporting::InputType::MULTIPART_FIELD_NAME, Reporting::InputType::MULTIPART_NAME, Reporting::InputType::MULTIPART_VALUE, Reporting::InputType::PARAMETER_NAME, Reporting::InputType::PARAMETER_VALUE, Reporting::InputType::QUERYSTRING, Reporting::InputType::REQUEST, Reporting::InputType::SOCKET, Reporting::InputType::UNDEFINED_TYPE, Reporting::InputType::UNKNOWN, Reporting::InputType::URI, Reporting::InputType::URL_PARAMETER, Reporting::InputType::XML_VALUE

Constants inherited from SqliBaseRule

Contrast::Agent::Protect::Rule::SqliBaseRule::APPLICABLE_USER_INPUTS, Contrast::Agent::Protect::Rule::SqliBaseRule::BLOCK_MESSAGE

Constants inherited from Base

Base::BLOCKING_MODES, Base::RULE_NAME, Base::STACK_COLLECTION_RESULTS, Base::SUSPICIOUS_REPORTING_RULES

Constants included from Filters

Filters::POSTFILTER_MODES

Instance Attribute Summary

Attributes inherited from Base

#mode

Instance Method Summary

Methods included from Reporting::InputType

to_a

Methods included from Contrast::Agent::Protect::Rule::SqlSampleBuilder::AttackBuilder

#append_match, #build_attack_with_match, #record_agent_lib_match, #record_match, #select_scanner

Methods included from Contrast::Agent::Protect::Rule::SqlSampleBuilder::SqliSample

#build_sample

Methods inherited from SqliBaseRule

#infilter

Methods included from Components::Logger::InstanceMethods

#cef_logger, #logger

Methods inherited from Base

#append_to_activity, #cef_logging, #classify, #enabled?, #excluded?, #initialize, #stream_safe?, #update

Methods included from Filters

#infilter, #infilter?, #postfilter, #postfilter?, #prefilter, #prefilter?

Methods included from Builders

#build_attack_result, #build_attack_with_match, #build_attack_without_match, #build_base_sample, #build_sample, #build_violation

Methods included from Components::Scope::InstanceMethods

#contrast_enter_method_scopes!, #contrast_exit_method_scopes!, #with_app_scope, #with_contrast_scope, #with_deserialization_scope, #with_split_scope

Constructor Details

This class inherits a constructor from Contrast::Agent::Protect::Rule::Base

Instance Method Details

#applicable_user_inputs ⇒ Object

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 52

def applicable_user_inputs
  APPLICABLE_USER_INPUTS
end

#block_message ⇒ Object

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 34

def block_message
  BLOCK_MESSAGE
end

#check_sql_input_with_agent(sql, database, input_index, input_length) ⇒ Hash, Boolean

We'll need a second place where we check whether the token boundaries are being crossed and are worth watching.

Parameters:

  • sql (String)

    SQL coming from parameter

  • database (String)

    Type of database

  • input_index (String)

    index in the sqlQuery string where user input was found

  • input_length (Number)

    length of the input value

Returns:

  • (Hash, Boolean)

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 99

def check_sql_input_with_agent sql, database, input_index, input_length
  return false unless (agent_lib = Contrast::AGENT_LIB) && sql && database

  agent_lib.check_sql_query(input_index, input_length, database, sql)
end

#classification ⇒ module<Contrast::Agent::Protect::Rule::SqliInputClassification>

SQLI input classification

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 59

def classification
  @_classification ||= Contrast::Agent::Protect::Rule::SqliInputClassification.cs__freeze
end

#find_attacker_with_results(context, potential_attack_string, ia_results, **kwargs) ⇒ Contrast::Agent::Reporting?

Allows for the InputAnalysis from Agent Library to be extracted early

Parameters:

Returns:

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 69

def find_attacker_with_results context, potential_attack_string, ia_results, **kwargs
  logger.trace('Checking vectors for attacks', rule: rule_name, input: potential_attack_string)

  result = nil
  ia_results.each do |ia_result|
    if potential_attack_string
      idx = potential_attack_string.index(ia_result.value)
      next unless idx

      database_type = kwargs[:database].to_sym
      input_length = ia_result.value.length
      lib_result = check_sql_input_with_agent(potential_attack_string, database_type, idx, input_length)

      kwargs[:result_struct] = lib_result
      result = build_attack_with_match(context, ia_result, result, potential_attack_string, **kwargs)
    else
      result = build_attack_without_match(context, ia_result, result, **kwargs)
    end
  end
  result
end
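The doc comment on check_sql_input_with_agent talks about checking whether user input crosses SQL token boundaries, and find_attacker_with_results shows how each input-analysis value is located in the query (index and length) before that check runs. The following is an added example, not code from the Contrast agent or its agent-lib: it implements a simplified version of that idea with a small SQL tokenizer of its own. The tokenizer, the module name SqlBoundaryExample, the result hash shape, and the sample queries are all assumptions constructed for this example.

```ruby
require 'strscan'

# Added example (not Contrast code): a token-boundary check for a user-supplied
# value embedded in a SQL string, in the spirit of check_sql_query(index, length, ...).
module SqlBoundaryExample
  Token = Struct.new(:type, :start, :stop) # stop is exclusive

  # Minimal SQL lexer: whitespace, line comments, single-quoted strings
  # (with '' as an escaped quote), double-quoted identifiers, words,
  # numbers, and single-character punctuation. Order matters: a comment
  # starting with -- must win over punctuation, and the final /./m always
  # matches so the scanner can never stall.
  PATTERNS = [
    [:space,      /\s+/],
    [:comment,    /--[^\n]*/],
    [:string,     /'(?:[^']|'')*'?/],
    [:identifier, /"[^"]*"?/],
    [:word,       /[A-Za-z_]\w*/],
    [:number,     /\d+(?:\.\d+)?/],
    [:punct,      /./m]
  ].freeze

  def self.tokenize(sql)
    scanner = StringScanner.new(sql)
    tokens = []
    until scanner.eos?
      start = scanner.pos
      type, = PATTERNS.find { |_, re| scanner.scan(re) }
      tokens << Token.new(type, start, scanner.pos) unless type == :space
    end
    tokens
  end

  # Same inputs as the agent-lib call on the page (index and length of the
  # user value, plus the full SQL). A value that stays inside exactly one
  # token (e.g. inside one string literal) is benign; a value whose span
  # overlaps two or more tokens has broken out of its intended context.
  # The returned hash shape is an assumption for this example.
  def self.check_sql_query(input_index, input_length, sql)
    input_stop = input_index + input_length
    covered = tokenize(sql).select { |t| t.stop > input_index && t.start < input_stop }
    { tokens_covered: covered.map(&:type), boundary_crossed: covered.size > 1 }
  end

  # Mirrors the loop in find_attacker_with_results: each candidate value
  # (what an input-analysis result would carry) is located in the query,
  # its index/length computed, and the boundary check applied.
  def self.flag_inputs(sql, candidate_values)
    candidate_values.each_with_object([]) do |value, flagged|
      idx = sql.index(value)
      next unless idx

      result = check_sql_query(idx, value.length, sql)
      next unless result[:boundary_crossed]

      flagged << { value: value, index: idx, tokens: result[:tokens_covered] }
    end
  end

  # Constructed sample queries (not taken from any real application).
  SAFE_SQL   = "SELECT * FROM users WHERE name = 'alice'".freeze
  ATTACK_SQL = "SELECT * FROM users WHERE name = '' OR 1=1 --'".freeze
  NUMERIC_SAFE_SQL   = 'SELECT * FROM t WHERE id = 42'.freeze
  NUMERIC_ATTACK_SQL = 'SELECT * FROM t WHERE id = 42 OR 1=1'.freeze
end

if $PROGRAM_NAME == __FILE__
  puts SqlBoundaryExample.flag_inputs(SqlBoundaryExample::SAFE_SQL, ['alice']).inspect
  puts SqlBoundaryExample.flag_inputs(SqlBoundaryExample::ATTACK_SQL, ["' OR 1=1 --"]).inspect
  puts SqlBoundaryExample.flag_inputs(SqlBoundaryExample::NUMERIC_ATTACK_SQL, ['42 OR 1=1']).inspect
end
```

The point of the index/length interface is that the check does not need to know how the value was interpolated: it only asks which lexical tokens the value's span overlaps. A value sitting wholly inside one string literal or one numeric literal covers a single token; a value that closes a quote and introduces new clauses, or that turns a number into `42 OR 1=1`, covers several, which is what a rule like this reports as an attack.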

#rule_name ⇒ Object

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 30

def rule_name
  NAME
end

#semantic_dangerous_functions ⇒ Contrast::Agent::Protect::Rule::SqliDangerousFunctions

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 41

def semantic_dangerous_functions
  @_semantic_dangerous_functions ||= Contrast::Agent::Protect::Rule::SqliDangerousFunctions.new
end

#sub_rules ⇒ Array

Array of sub_rules

Returns:

  • (Array)

# File 'lib/contrast/agent/protect/rule/sqli/sqli.rb', line 48

def sub_rules
  @_sub_rules ||= [semantic_dangerous_functions].cs__freeze
end